FP: 1 definitive, 1 maybe


  • FP: 1 definitive, 1 maybe

    IObit Security 360
    OS:Windows XP
    Version:0.2.2.8
    Define Version:1095
    Time:7/31/2009 11:26:51 AM
    |Name|Type|Description|ID|
    Trojan.Agent, File, C:\Documents and Settings\Administrator\Desktop\IE PassView v1.15.exe, 9-16549
    Trojan.Crypt.XPACK, File, C:\WINDOWS\ServicePackFiles\i386\aspnet_regiis.exe, 12-515

    First one is a password viewer, 2nd one ought to be definitely a FP.

  • #2
    Hi danburrito,

    Sorry, but one is definitely not a false positive, giving the passwords in IE (Also quarantined by McAfee Antivirus Plus), and please check the version of aspnet_regiis.exe, it may possibly be a vulnerability, as MS has changed .NET Framework version seeing vulnerability there.

    Versions: 1.0.3705.6018 & 1.0.3705.6060 are seen as Trojan.Crypt.XPACK

    versions: 1.1.4322.2032 & 2.0.50727.3053 are seen CLEAN.

    Cheers.
    enoskype

    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



    • #3
      Originally posted by enoskype
      Hi danburrito,

      Sorry, but one is definitely not a false positive, giving the passwords in IE (Also quarantined by McAfee Antivirus Plus)
      Given the _potential_ security threat by the password viewer on an unsuspecting user's machine, I agree. One more for the ignore list.

      Originally posted by enoskype
      and please check the version of aspnet_regiis.exe, it may possibly be a vulnerability, as MS has changed .NET Framework version seeing vulnerability there.

      Versions: 1.0.3705.6018 & 1.0.3705.6060 are seen as Trojan.Crypt.XPACK

      versions: 1.1.4322.2032 & 2.0.50727.3053 are seen CLEAN.

      Cheers.
      Hmm... seems like the .NET SP1 did not get applied correctly last time. Version was indeed 1.0.3705.6060.

      Thanks, enoskype.
